TW202036350A - An integrated circuit, method and computer program - Google Patents
- Publication number
- TW202036350A
- Authority
- TW
- Taiwan
- Prior art keywords
- temperature
- integrated circuit
- area
- processing area
- event
- Prior art date
Classifications
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01L—SEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
- H01L23/00—Details of semiconductor or other solid state devices
- H01L23/57—Protection from inspection, reverse engineering or tampering
- H01L23/576—Protection from inspection, reverse engineering or tampering using active circuits
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C7/00—Arrangements for writing information into, or reading information out from, a digital store
- G11C7/10—Input/output [I/O] data interface arrangements, e.g. I/O data control circuits, I/O data buffers
- G11C7/1078—Data input circuits, e.g. write amplifiers, data input buffers, data input registers, data input level conversion circuits
- G11C7/1096—Write circuits, e.g. I/O line write drivers
- H—ELECTRICITY
- H01—ELECTRIC ELEMENTS
- H01L—SEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
- H01L23/00—Details of semiconductor or other solid state devices
- H01L23/34—Arrangements for cooling, heating, ventilating or temperature compensation ; Temperature sensing arrangements
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Condensed Matter Physics & Semiconductors (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Power Engineering (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Semiconductor Integrated Circuits (AREA)
Abstract
Description
This description relates to an integrated circuit, a method and a computer program.
The "Background" section presents the context of this description broadly. Accordingly, neither the work of the present inventors mentioned in the background nor material that may not otherwise qualify as prior art at the time of filing is admitted, expressly or impliedly, as prior art against this description.
Physical attacks on semiconductor chips, such as the smart-card chips in credit and debit cards or the subscriber identity cards in mobile phones, are known. In this type of attack, an attacker may try to obtain keys or other secrets held securely in the chip's circuitry. Such attacks require physical access to the chip.
In these attacks, optical probing may be performed with a laser where the chip has been thinned from the back side down to a remaining thickness of 10 μm or less. In other cases, the semiconductor is removed entirely from the back side of selected regions so that metal interconnects can be probed electrically or by electron beam. Other physical attack mechanisms require thinning of the chip for high-resolution X-ray tomography or photon-emission studies.
Attempts to reduce the likelihood of a successful physical attack have focused on protecting the back side of the semiconductor chip. However, protection mechanisms that are neither too expensive nor too complex to introduce into the integrated-circuit manufacturing process have rarely been found.
A method is therefore needed that reduces the likelihood of a successful physical attack on a semiconductor chip without relying solely on protecting its back side. That is the goal of this description.
According to one aspect, an integrated circuit is provided that comprises: a processing region for executing one instruction of a plurality of instructions; and a first temperature-measuring region configured to measure a first temperature of the integrated circuit while the processing region executes the instruction; wherein, while the processing region executes the instruction, the processing region is configured to compare the first temperature measured by the first temperature-measuring region with a predetermined temperature, and when the first measured temperature exceeds the predetermined temperature by a threshold, the processing region triggers an event.
The foregoing paragraphs are provided as a general introduction and are not intended to limit the scope of the following claims. The described embodiments and further advantages are best understood by reference to the following detailed description taken together with the accompanying drawings.
Referring now to the drawings, in which like reference numerals designate identical or corresponding parts throughout the several views.
FIG. 1 shows an integrated circuit 100 according to an embodiment of this description. The integrated circuit 100 is made of a semiconductor material such as silicon (Si) or gallium arsenide (GaAs). In this embodiment the integrated circuit 100 is the die of a credit or debit card that uses contactless or chip-and-PIN technology. The integrated circuit 100 may therefore comply with the EMV standard, or with other standards such as ISO/IEC 7816 and ISO/IEC 14443.
Although the integrated circuit 100 contains several individual regions, each performing various functions in accordance with these standards, FIG. 1 shows three regions for ease of explanation. More or fewer than three regions are of course envisaged.
The integrated circuit 100 includes a processing region 110 for exchanging and processing data. Typically, data are exchanged in Application Protocol Data Units (APDUs) and processed according to instructions. For example, an instruction is sent to the processing region 110, which processes it appropriately and exchanges data with other regions of the integrated circuit 100. An instruction means a single operation of the processing region 110 taken from an instruction set comprising a plurality of instructions, as would be understood by the skilled person.
In chip-and-PIN technology an instruction may be, for example, a command. Such a command may be a command to generate an application cryptogram, an application-processing command, an external-authenticate command or the like. These commands are known to the skilled person and are defined in standards such as ISO/IEC 7816-3.
It should be understood that, although the commands defined above are used in chip-and-PIN technology, some commands, such as the external-authenticate command, are also used in other chip-card applications (for example GSM SIM card technology conforming to ISO/IEC 7816-4). This description is therefore not limited to chip-and-PIN technology and applies equally to any suitable technology.
During instruction processing, the processing region 110 may process or exchange sensitive data, that is, data which, if captured by a malicious third party, could compromise the security of the integrated circuit 100. Sensitive data may be, for example, a key used to generate a cryptogram, or personal information relating to the user of the integrated circuit 100. Such sensitive data may be stored in unencrypted form in a secure part of a storage region 105. For example, the key used to generate the cryptogram is stored in unencrypted form in the secure part of the storage region 105.
In operation, to approve a transaction, the processing region 110 may receive a generate-application-cryptogram instruction through a communication circuit 115, as an instruction from a card reader (not shown) that communicates with the communication circuit 115. In addition to the instruction, the processing region 110 receives other data elements, such as the transaction amount and other information relevant to approving the transaction from the card reader. The processing region 110 retrieves the key from the secure part of the storage region 105 and uses it to encrypt the other data elements to produce the cryptogram. The cryptogram is then passed to the communication region 115 and on to the card reader.
If a malicious third party mounts a physical attack on the integrated circuit 100, the third party can access the key on the bus 130 linking the processing region 110 and the storage region 105 when the key is retrieved from the storage region 105. In other words, the third party can send a generate-application-cryptogram instruction from a card reader; in response, the unencrypted key is retrieved from the secure part of the storage region 105 and is intercepted by the third party while the exposed interconnects are probed electrically or by electron beam. Indeed, if a physical attack gives direct access to the secure part of the storage region 105, the key can be retrieved directly from there. This could compromise the security of the integrated circuit 100.
When the integrated circuit 100 is manufactured, the storage region 105, processing region 110 and communication region 115 are formed on a semiconductor die, and heat-dissipating material is placed over it. The distribution and thermal characteristics of the heat-dissipating material are controlled so that no part of the integrated circuit 100 overheats, fails or becomes inoperable during operation.
The heat-dissipating material may be placed anywhere on the semiconductor die, including its back side. As mentioned above, obtaining physical access to the integrated circuit 100 involves removing at least part of the back side of the die, which means that at least some of the heat-dissipating material is removed. This changes the thermal characteristics of the heat-dissipating material on the integrated circuit 100.
In particular, after the heat-dissipating material has been removed from a region, the local temperature of the semiconductor die in that region rises significantly compared with a region that still carries the material, because the material conducts heat away better than dissipation to the surrounding environment does.
Therefore, in embodiments of this description, one or more temperature sensors are provided in the integrated circuit 100 to measure the temperature of at least one region during operation of the integrated circuit 100. In the example, an event is triggered when the temperature of the region exceeds a threshold. In other words, if the temperature of the region exceeds the threshold, it can be assumed that the integrated circuit 100 has suffered a physical intrusion. The event may therefore be: deleting or corrupting the data in the storage region 105 or in a part of it (such as the secure storage part), disabling the processing region 110, or issuing false data from the secure part to obfuscate the sensitive data, and so on. In other words, the event prevents the attacker from obtaining sensitive information.
As mentioned above, the storage region 105 and the processing region 110 are the regions of the integrated circuit 100 on the semiconductor die to which an attacker wants to gain physical access. Specifically, and without limitation, the secure part of the storage region 105 and the part of the processing region 110 that communicates with the secure part are the regions a physical attacker particularly wants to reach.
Accordingly, a first temperature sensor 120 is fabricated on the secure part of the storage region 105, and a second temperature sensor 125 is fabricated on the processing region 110. In other words, in the embodiment the first temperature sensor 120 and second temperature sensor 125 are located on regions of the integrated circuit 100 that may be exposed or altered during a physical attack. The description is of course not so limited, and sensors may be placed anywhere on the integrated circuit 100, such as in regions less likely to be targeted, to provide a background temperature reading. These temperature sensors are fabricated using known techniques and may reuse transistors already fabricated in these regions. For brevity, since methods of fabricating temperature sensors on semiconductor dies and integrated circuits 100 are known, they are not explained in detail here.
In the event of a physical intrusion, because the heat-dissipating material on the semiconductor die has been removed, the temperatures measured by the first temperature sensor 120 and the second temperature sensor 125 both exceed the temperatures those regions have when the material is not removed. In particular, with the heat-dissipating material present, for a given instruction executed by the processing region 110 and a given ambient temperature, the temperature measured by the first temperature sensor 120 and/or the second temperature sensor 125 is well defined. In other words, with the material present, the temperature rise of the processing region 110 and/or of the secure part of the storage region 105 while the processing region 110 executes a particular instruction is well defined.
During a physical attack, however, in regions where the heat-dissipating material has been removed, damaged or destroyed in any way, the temperature measured by the first temperature sensor 120 and/or the second temperature sensor 125 for a given instruction will differ greatly from what is expected.
Therefore, in embodiments of this description, a physical attack is identified when, for a given instruction, the temperature measured by the first temperature sensor 120 and/or the second temperature sensor 125 is higher than the expected temperature by a predetermined amount.
FIG. 2 shows an integrated circuit 100 according to an embodiment. Several parts of the integrated circuit 100 in FIG. 2 correspond to those in FIG. 1; they carry the same reference numerals and the reader is referred to the discussion of FIG. 1. In addition, a third temperature sensor 210 is provided in the communication circuit 115, and a fourth temperature sensor 205 is provided in the non-secure part of the storage region 105.
Generally, during a physical attack the heat-dissipating material around the communication circuit 115 remains unaffected. This means that the third temperature sensor 210 can measure the ambient temperature, or background temperature, of the integrated circuit 100. The description is of course not so limited: to measure the ambient temperature of the integrated circuit 100, the third temperature sensor 210 may be placed at any location in the integrated circuit 100 where a physical attack is less likely.
As mentioned above, a fourth temperature sensor 205 is provided in the non-secure part of the storage region 105. Like the communication circuit 115, the non-secure part of the storage region 105 is less likely to be intruded upon, and the heat-dissipating material around it usually remains intact. The fourth temperature sensor 205 can therefore also be used to measure the ambient temperature of the integrated circuit 100.
It should be noted that providing one or more ambient temperature sensors is optional.
FIG. 3 shows a flow chart 300 describing an embodiment of this description. Flow chart 300 is carried out in the integrated circuit 100 of the embodiment using software stored in the storage region 105.
Flow chart 300 starts at step 305. When the processing region 110 executes an instruction, the process proceeds to step 310. An example instruction is a generate-application-cryptogram instruction received from a card reader communicating with the communication circuit 115. Because the instruction is executed by the processing region 110, the processing region 110 polls the first temperature sensor 120 and receives the temperature it measures; this is step 315. The process proceeds to step 320 when the processing region 110 polls the second temperature sensor 125 and receives the temperature it measures. It is of course envisaged that the processing region 110 may poll the third temperature sensor 205 and/or the fourth temperature sensor 210 in addition to, or instead of, the first temperature sensor 120 and the second temperature sensor 125. In other words, it is envisaged that during a physical attack a first temperature reading comes from a region more likely to be damaged, and a second temperature reading comes from another region that is either more or less likely to be damaged.
The processing region 110 then compares the difference between the first and second temperatures; this is step 325. The process proceeds to step 330, where a check is made whether the difference between the first and second temperatures exceeds a threshold temperature. This is described in more detail with reference to FIG. 4. If the difference exceeds the threshold temperature, that is, a physical attack is detected, the "yes" path is taken to step 335 and, as explained above, an event is carried out, such as at least deleting the secure part of the storage region 105. The process then proceeds to step 340, where the flow chart ends.
Returning to step 330, if the temperature difference does not exceed the threshold temperature, the "no" path is taken to the end of the process, step 340.
Step 330 of the flow chart establishes that a physical attack is detected when, while a particular instruction is executed, the temperature difference exceeds a threshold temperature. Of the temperatures measured while the instruction is executed, one may be the ambient temperature, or both may come from particular regions of the integrated circuit 100 or from regions affected by the physical attack.
In some cases, a physical attack may be detected while a particular instruction is executed because the difference between three or more temperature measurements exceeds a threshold.
It should be noted that this description is not limited to a plurality of temperature measurements. For example, when the processing region 110 executes an instruction, a temperature measurement in a region more likely to be damaged by a physical attack that exceeds a particular temperature by a predetermined amount may indicate that a physical attack has been detected. In other words, an absolute temperature measurement exceeding a particular temperature while the processing region 110 executes a particular instruction may indicate that a physical attack has been detected.
FIG. 4 shows a table. In one embodiment the table is stored in the storage region 105; it may be stored in the secure part of the storage region 105 to ensure its integrity. The table may be any data structure that associates an instruction run by the processing region 110 with the expected temperatures at the first temperature sensor 120, second temperature sensor 125, third temperature sensor 205 and fourth temperature sensor 210. In other words, the table stores the expected temperature at each temperature sensor when the processing region 110 executes a particular instruction and the heat-dissipating material is intact. For a given ambient temperature, these expected temperatures are the absolute temperatures at the respective temperature sensors.
In the above embodiment, the difference between two measured temperatures is used to determine whether a physical attack has occurred. Considering a temperature difference is particularly effective at mitigating the influence of ambient temperature. In other words, when absolute temperatures are considered, the absolute temperature may exceed the threshold in a hot environment even though no physical attack has occurred. When the difference between two measured temperatures is used to detect a physical attack, however, the influence of ambient temperature can be reduced. This lowers the likelihood of errors in detecting physical attacks.
In the example table of FIG. 4, when the instruction executed by the processing region 110 is a generate-application-cryptogram instruction and the heat-dissipating material is intact, the first temperature measured by the first temperature sensor 120 is 55 °C, the second temperature measured by the second temperature sensor 125 is 85 °C, the third temperature measured by the third temperature sensor 205 is 45 °C, and the fourth temperature measured by the fourth temperature sensor 210 is 40 °C. This temperature profile reflects the instruction executed by the processing region 110. In other words, when the generate-application-cryptogram instruction runs, the processing region 110 receives the key from the secure part of the storage region 105. Because this is a complex command, it requires intensive operation of the processing region 110, which means that the second temperature (the temperature associated with the processing region 110) will be high. In addition, the first temperature (the temperature associated with the storage region 105) rises while the secure part of the storage region 105 is in operation.
Because the communication circuit 115 and the non-secure part of the storage region 105 are not operating intensively, the third and fourth measured temperatures are approximately the ambient temperature.
In the example table of FIG. 4, when the instruction executed by the processing region 110 is a verify-card-reader command and the heat-dissipating material is intact, the first temperature measured by the first temperature sensor 120 is 40 °C, the second temperature measured by the second temperature sensor 125 is 55 °C, the third temperature measured by the third temperature sensor is 40 °C, and the fourth temperature measured by the fourth temperature sensor 210 is 70 °C. Again, this temperature profile reflects the instruction executed by the processing region 110. Specifically, the verify-card-reader command does not need to access the secure part of the storage region 105, so the first temperature measured by the first temperature sensor 120 is approximately ambient. Because the instruction is not complex, the processing region 110 does not need to operate intensively, so the second temperature (that of the processing region 110) is low compared with its temperature during a complex operation. Further, because the non-secure part of the storage region 105 is not needed to process the verify-card-reader command, the third temperature, associated with the non-secure part of the storage region 105, is low. Finally, because the communication circuit 115 must communicate with the card reader to process the instruction, the temperature of the communication circuit 115 measured by the fourth temperature sensor 210 rises.
Accordingly, the table of FIG. 4 contains, for a particular instruction running on the processing region 110 with the heat-dissipating material of the integrated circuit 100 intact, the predetermined temperature associated with each temperature sensor. The difference between any two of the stored temperatures is the predefined temperature difference.
Returning, then, to step 330 of FIG. 3, the difference between two measured temperatures is determined for the integrated circuit 100 while the processing region 110 runs a particular instruction. It is compared with the predetermined difference between the same two temperatures stored in the table of FIG. 4 for the same instruction. For example, if the measured temperature difference is higher than the predetermined temperature difference by a threshold of 10 %, the process proceeds to step 335; otherwise, if the measured difference is less than or equal to the threshold, the process proceeds to step 340, as explained with reference to FIG. 3. Of course, although the foregoing uses a threshold of 10 % above the predetermined temperature difference as an example, the description is not so limited; the margin may be a different percentage or an absolute value.
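As an added illustration (not code from the patent or its applicant), the following C models the FIG. 3 / FIG. 4 check: the per-instruction table of expected temperatures, the differential comparison of step 330 with the 10 % margin, the absolute single-sensor variant, and the erase event of step 335. The command names, the sensor slot order, the 2 °C floor on the margin and the sample readings are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Sensor slots follow the description: sensor 120 on the secure part of the
 * storage region 105, sensor 125 on the processing region 110, and sensors
 * 205/210 as ambient references on regions less likely to be thinned. */
enum { SENSOR_SECURE_STORAGE = 0, SENSOR_PROCESSING, SENSOR_REF_A, SENSOR_REF_B, SENSOR_COUNT };

/* Instruction identifiers; the names are constructed for this example. */
typedef enum { CMD_GENERATE_AC = 0, CMD_VERIFY_READER, CMD_COUNT } cmd_t;

/* Expected temperatures (degrees C) with the heat-dissipating material intact,
 * taken from the FIG. 4 example. The real device would keep this table in the
 * secure part of the storage region. */
static const int expected_temp[CMD_COUNT][SENSOR_COUNT] = {
    [CMD_GENERATE_AC]   = {55, 85, 45, 40},
    [CMD_VERIFY_READER] = {40, 55, 40, 70},
};

/* Tolerance: the description's example is 10 % of the stored difference. The
 * 2 C floor is an assumption so that a stored difference of 0 does not fire
 * on sensor noise. */
#define TOLERANCE_PERCENT 10
#define MIN_MARGIN_C 2

typedef enum { VERDICT_OK = 0, VERDICT_TAMPER = 1 } verdict_t;

int margin_for(int expected_diff) {
    int mag = expected_diff < 0 ? -expected_diff : expected_diff;
    int m = mag * TOLERANCE_PERCENT / 100;
    return m < MIN_MARGIN_C ? MIN_MARGIN_C : m;
}

static const int targets[] = {SENSOR_SECURE_STORAGE, SENSOR_PROCESSING};
static const int refs[]    = {SENSOR_REF_A, SENSOR_REF_B};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Differential check (FIG. 3, step 330): each likely-target region is compared
 * with each reference region. A uniform ambient shift moves both readings and
 * cancels out; a missing heat sink over a target raises only that side. */
verdict_t differential_check(cmd_t cmd, const int meas[SENSOR_COUNT]) {
    for (size_t t = 0; t < COUNT(targets); t++) {
        for (size_t r = 0; r < COUNT(refs); r++) {
            int expected_diff = expected_temp[cmd][targets[t]] - expected_temp[cmd][refs[r]];
            int measured_diff = meas[targets[t]] - meas[refs[r]];
            if (measured_diff - expected_diff > margin_for(expected_diff))
                return VERDICT_TAMPER;
        }
    }
    return VERDICT_OK;
}

/* Absolute check (the single-sensor variant in the description): a target
 * region reads more than abs_margin_c above its stored value. Ambient heat
 * alone can trip this, which is why the description prefers differences. */
verdict_t absolute_check(cmd_t cmd, const int meas[SENSOR_COUNT], int abs_margin_c) {
    for (size_t t = 0; t < COUNT(targets); t++)
        if (meas[targets[t]] > expected_temp[cmd][targets[t]] + abs_margin_c)
            return VERDICT_TAMPER;
    return VERDICT_OK;
}

/* Event (FIG. 3, step 335): erase the secure part of the storage region. The
 * volatile pointer keeps the compiler from optimising the writes away. */
size_t erase_secure_storage(uint8_t *secure, size_t len) {
    volatile uint8_t *p = secure;
    for (size_t i = 0; i < len; i++) p[i] = 0;
    return len;
}

/* Runs the check once the processing region has executed cmd and, on tamper,
 * wipes the secure storage before any result leaves the chip. */
verdict_t check_after_instruction(cmd_t cmd, const int meas[SENSOR_COUNT],
                                  uint8_t *secure, size_t len) {
    verdict_t v = differential_check(cmd, meas);
    if (v == VERDICT_TAMPER) erase_secure_storage(secure, len);
    return v;
}

int main(void) {
    uint8_t key[8] = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}; /* constructed secret */
    const int intact[SENSOR_COUNT]  = {55, 85, 45, 40};  /* material intact, as in FIG. 4 */
    const int hot_env[SENSOR_COUNT] = {75, 105, 65, 60}; /* same chip, ambient +20 C */
    const int thinned[SENSOR_COUNT] = {57, 105, 45, 40}; /* heat sink removed over region 110 */

    printf("intact      : %d\n", (int)check_after_instruction(CMD_GENERATE_AC, intact, key, sizeof key));
    printf("hot ambient : diff=%d abs=%d\n", (int)differential_check(CMD_GENERATE_AC, hot_env),
           (int)absolute_check(CMD_GENERATE_AC, hot_env, 10));
    verdict_t v = check_after_instruction(CMD_GENERATE_AC, thinned, key, sizeof key);
    printf("thinned     : %d (key[0]=0x%02x after event)\n", (int)v, key[0]);
    return 0;
}
```

The hot-ambient case shows the point the description makes: the absolute check fires on a +20 °C environment alone, while the differential check stays quiet until one region departs from the others.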
As explained in the embodiment above, the temperature of each part of the integrated circuit 100 while it executes an instruction is a characteristic of the integrated circuit 100. This means that, although the foregoing describes detecting whether heat-dissipating material has been removed from the semiconductor die, the description is not so limited. For example, in some circumstances it is necessary to ensure that an instruction is executed only on a particular (legitimate) integrated circuit. To prevent someone from executing the instruction on another integrated circuit, a system similar to that described above can be used. In other words, the temperature of one or more parts of the integrated circuit can be measured while an instruction is executed and compared with a predetermined temperature obtained when a legitimate integrated circuit executes the same instruction, and an event is triggered when the measured temperature exceeds a threshold. This is useful when a manufacturer wants software to run only on particular, certified integrated circuits: the technique above can identify when such software is run on an uncertified integrated circuit, because the temperatures while executing the instructions on an uncertified integrated circuit differ from those on a certified one.
Numerous modifications and variations of this description are obviously possible in light of the above teachings. It is therefore to be understood that, within the scope of the claims, the description may be practised otherwise than as specifically described herein.
In so far as embodiments of this description have been described as being implemented, at least in part, by software-controlled data processing apparatus, it will be appreciated that a non-transitory machine-readable medium carrying such software, such as an optical disk, a magnetic disk, semiconductor memory or the like, is also considered to represent an embodiment of this description.
It will be appreciated that the above description has, for clarity, referred to different functional units, circuits and/or processors. It will be apparent, however, that any suitable distribution of functionality between different functional units, circuits and/or processors may be used without departing from the embodiments.
The described embodiments may be implemented in any suitable form, including hardware, software, firmware or any combination of these. They may optionally be implemented at least partly as computer software running on one or more data processors and/or digital signal processors. The elements and components of any embodiment may be physically, functionally and logically implemented in any suitable way. Indeed, the functionality may be implemented in a single unit, in a plurality of units or as part of other functional units. As such, the embodiments may be implemented in a single unit or may be physically and functionally distributed between different units, circuits and/or processors.
Although this description has described numerous embodiments, it is not intended to be limited to the specific form set forth herein. Moreover, although features of this description may appear to be described in connection with particular embodiments, one skilled in the art would recognise that various features of the described embodiments may be combined in any manner suitable to implement the technique.
Embodiments of this description may be defined by the following numbered clauses:
1. An integrated circuit, comprising: a processing region configured to execute one instruction of a plurality of instructions; and a first temperature-measuring region configured to measure a first temperature of the integrated circuit while the processing region executes the instruction, wherein, when the processing region executes an instruction, the processing region is configured to compare the first temperature measured by the first temperature-measuring region with a predetermined temperature, and wherein, when the first measured temperature exceeds the predetermined temperature by a threshold, the processing region triggers an event.
2. The integrated circuit of clause 1, further comprising: a second temperature-measuring region configured to measure a second temperature of the integrated circuit while the processing region executes the instruction, wherein, when the difference between the first measured temperature and the second measured temperature exceeds a predefined temperature difference by a preset value, the processing region triggers an event.
3. The integrated circuit of clause 1 or 2, wherein the event is the detection of a physical attack on the integrated circuit.
4. The integrated circuit of clause 3, further comprising: a storage region including a secure region and a non-secure region, wherein, when the physical attack event is detected, the processing region is configured to delete the data in the secure region.
5. A method of detecting a physical attack in an integrated circuit, comprising the steps of: executing one instruction of a plurality of instructions; measuring a first temperature while the integrated circuit executes the instruction; comparing, while the instruction is executed, the first temperature with a predetermined temperature for the first temperature-measuring region; and triggering an event when the first measured temperature exceeds the predetermined temperature by a threshold.
6. The method of detecting a physical attack in an integrated circuit of clause 5, further comprising: measuring a second temperature while the integrated circuit executes the instruction; and triggering the event when the difference between the first measured temperature and the second measured temperature exceeds a predefined temperature difference by a preset value.
7. The method of detecting a physical attack in an integrated circuit of clause 5 or 6, wherein the event is the detection of a physical attack on the integrated circuit.
8. The method of detecting a physical attack in an integrated circuit of clause 7, wherein, when the physical attack event is detected, the method deletes the data in a secure region of the integrated circuit.
9. A computer program comprising computer-readable instructions which, when loaded onto a computer, configure the computer to perform the method of any of clauses 5 to 8.
Reference numerals:
- 100: integrated circuit
- 105: storage region
- 110: processing region
- 115: communication region
- 120: first temperature sensor
- 125: second temperature sensor
- 205: third temperature sensor
- 210: fourth temperature sensor
- 300: flow chart
- 305, 310, 315, 320, 325, 330, 335, 340: steps
A more complete appreciation of this description and many of its attendant advantages will be readily obtained by reference to the following detailed description when considered in connection with the accompanying drawings, wherein: FIG. 1 and FIG. 2 respectively describe an integrated circuit of this description and an embodiment thereof; FIG. 3 describes a flow chart of an embodiment of this description; and FIG. 4 describes a table of stored temperatures used in the embodiment of FIG. 3.
Claims (9)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP18210773.0 | 2018-12-06 | ||
EP18210773.0A EP3663959B1 (en) | 2018-12-06 | 2018-12-06 | An integrated circuit, method and computer program |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202036350A true TW202036350A (en) | 2020-10-01 |
TWI723632B TWI723632B (en) | 2021-04-01 |
Family
ID=64661087
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108141447A TWI723632B (en) | 2018-12-06 | 2019-11-14 | An integrated circuit, method and computer program |
Country Status (4)
Country | Link |
---|---|
US (1) | US11842969B2 (en) |
EP (1) | EP3663959B1 (en) |
CN (1) | CN111291428B (en) |
TW (1) | TWI723632B (en) |
Family Cites Families (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10111435A1 (en) * | 2001-03-09 | 2002-09-26 | Infineon Technologies Ag | Device and method for performing operations at an adjustable speed |
DE10200288A1 (en) | 2002-01-07 | 2003-07-17 | Scm Microsystems Gmbh | A device for executing applications that include secure transactions and / or access control to valuable content and / or services and methods for protecting such a device |
EP1467459A1 (en) * | 2003-04-11 | 2004-10-13 | Koninklijke Philips Electronics N.V. | Method and apparatus for integrated circuit protection |
US7362248B2 (en) * | 2005-11-22 | 2008-04-22 | Stmicroelectronics, Inc. | Temperature tamper detection circuit and method |
US8370644B2 (en) * | 2008-05-30 | 2013-02-05 | Spansion Llc | Instant hardware erase for content reset and pseudo-random number generation |
US8522049B1 (en) * | 2008-07-31 | 2013-08-27 | Maxim Integrated Products, Inc. | Secure processor for extreme outdoor temperature conditions |
FR2947361B1 (en) * | 2009-06-29 | 2011-08-26 | Viaccess Sa | METHOD FOR DETECTING ATTACK ATTEMPT, RECORDING MEDIUM AND SECURITY PROCESSOR FOR SAID METHOD |
US8914890B2 (en) * | 2011-01-31 | 2014-12-16 | International Business Machines Corporation | Determining the vulnerability of computer software applications to privilege-escalation attacks |
JP5776927B2 (en) * | 2011-03-28 | 2015-09-09 | ソニー株式会社 | Information processing apparatus and method, and program |
US9075991B1 (en) * | 2011-06-08 | 2015-07-07 | Emc Corporation | Looting detection and remediation |
FR3026253B1 (en) * | 2014-09-19 | 2016-12-09 | Commissariat Energie Atomique | SYSTEM AND METHOD FOR SECURING AN ELECTRONIC CIRCUIT |
US9569641B2 (en) * | 2015-03-24 | 2017-02-14 | Nxp Usa, Inc. | Data processing system with temperature monitoring for security |
TWI547823B (en) * | 2015-09-25 | 2016-09-01 | 緯創資通股份有限公司 | Method and system for analyzing malicious code, data processing apparatus and electronic apparatus |
GB2544546B (en) * | 2015-11-20 | 2020-07-15 | Advanced Risc Mach Ltd | Dynamic memory scrambling |
US20170357829A1 (en) * | 2016-06-13 | 2017-12-14 | Samsung Electronics Co., Ltd. | Integrated circuit, mobile device having the same, and hacking preventing method thereof |
US10175118B1 (en) * | 2016-08-31 | 2019-01-08 | Square, Inc. | Systems and methods for measuring temperature |
US10474814B2 (en) * | 2016-09-28 | 2019-11-12 | Intel Corporation | System, apparatus and method for platform protection against cold boot attacks |
WO2018111601A1 (en) * | 2016-12-16 | 2018-06-21 | Square, Inc. | Tamper detection system |
US10296738B2 (en) * | 2017-05-03 | 2019-05-21 | Nuvoton Technology Corporation | Secure integrated-circuit state management |
EP3506548A1 (en) * | 2017-12-27 | 2019-07-03 | Secure-IC SAS | Quantitative digital sensor |
DE102018206487A1 (en) * | 2018-04-26 | 2019-10-31 | Robert Bosch Gmbh | Method for determining a state of the thermal connection of at least one component within an electrical energy storage system to a heat source or heat sink |
Legal events
- 2018-12-06 EP EP18210773.0A patent/EP3663959B1/en active Active
- 2019-11-14 TW TW108141447A patent/TWI723632B/en active
- 2019-12-03 CN CN201911219493.7A patent/CN111291428B/en active Active
- 2019-12-06 US US16/705,568 patent/US11842969B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP3663959B1 (en) | 2021-08-11 |
US11842969B2 (en) | 2023-12-12 |
CN111291428A (en) | 2020-06-16 |
TWI723632B (en) | 2021-04-01 |
CN111291428B (en) | 2024-08-09 |
EP3663959A1 (en) | 2020-06-10 |
US20200185339A1 (en) | 2020-06-11 |